Where Governments Hack Their Own People and People Fight Back: 2018 in Review

Throughout 2018, new surveillance practices continued to erode the privacy of people in Latin America. Yet local and regional digital rights organizations continue to push back with strategic litigation, journalists and security researchers investigate to shed light on government use of malware, and local activists work tirelessly to fight overarching surveillance laws and practices across the region.

Mexico: Murders and Hacking #GobiernoEspia

Mexico has remained in the headlines this year for privacy violations. In 2018, Citizen Lab, with the ARTICLE 19 Office for Mexico and Central America, Mexican NGO R3D, and SocialTIC, revealed that two journalists from Rio Doce—an independent news outlet covering drug cartels—were targeted with malware. The journalists received text messages laced with Pegasus malware made by the Israeli spyware firm NSO Group. They links were sent to them after their colleague, award-winning Mexican journalist and Rio Doce co-founder Javier Valdez died of 12 bullet wounds.

The Mexican government has been denounced before for illegally spying on twenty of its most outspoken critics. Despite abundant evidence pointing to the illegal use of Pegasus in Mexico, NSO Group has apparently maintained its relationship with the Mexican government. In response, R3D last August filed civil lawsuits in Israel and Cyprus against NSO Group alleging negligence and complicity to human rights violations. R3D is demanding that NSO Group cease its services and be held accountable for its role in the Mexican government's human rights violations. R3D also seeks to hold Mexican officials responsible for these abuses.

Guatemala: Planting Malicious Software on Citizens' Computers

Governments have used the same malicious software that petty internet criminals use to take over innocent users' computers, for the purpose of social control. This year, El Nuevo Diario published a groundbreaking report revealing a years-old, vast, and illegal spying operation against Guatemalan activists, entrepreneurs, politicians, journalists, diplomats, and social leaders. The report found the government of the Patriot Party (Partido Patriota) spent more than 90 million quetzales (US $12 million) on IMSI-catchers and software to monitor and collect social media information for investigations and surveillance. They also purchased malicious software from the world's most notorious malware providers: Hacking Team’s Galileo and NSO Group’s Pegasus. The news revealed that the government used those tools to target protesters fighting government corruption in 2015. Digital rights organizations such as Fundacion Acceso and IPANDETEC used this opportunity to raise awareness about privacy rights, despite the country's deeply rooted culture of secrecy surrounding surveillance.

Chile: Creating False Evidence

"Operation Hurricane," run by police in Chile's La Araucanía region, prompted the 2017 arrest of eight Mapuche community members, an indigenous group in South Central Chile, accused of forming an illicit terrorist association, using electronic chats as evidence. This year, Operation Hurricane thrust state surveillance into the digital age to the forefront of Chilean public opinion. In a shocking turn, the Chief Prosecutor (Fiscal) of the High Complexity Unit of La Araucanía confirmed the prosecution of officials from the Police Intelligence Directorate of Carabineros for obstruction of justice by producing false evidence to incriminate the Mapuche community members.

The Fight Goes On

This year, privacy rights have faced unprecedented attacks from Latin American governments and companies—attacks that the Latin American digital rights community has been instrumental in repelling. In addition those we've already mentioned, these groups include: the Karisma Foundation in Colombia, which is fighting against facial recognition and CCTV cameras in Colombian subway stations; TEDIC from Paraguay, which raises awareness of surveillance practices such as the use of biometric systems; and international organizations such as ARTICLE 19, with regional offices in Mexico and Brazil, supported by an international office in London.

While concerns and actions in Europe and the United States often get the international headlines, local groups in Latin America are doing the vital groundwork of investigating transgressions, lobbying for change, and litigating for justice. We hope that, as the public begins to recognize the growing threats, they will also do more to support organizations doing important work in Latin America.

This article is part of our Year in Review series. Read other articles about the fight for digital rights in 2018.

Related Updates

Law enforcement access to data is in the middle of a profound shake-upacross the globe. States are pushing to get quicker, deeper, and more invasive access to personal data stored on the global Internet, and are looking to water down the international safeguards around privacy and due...

California Governor Gavin Newsom, in his first State of the State Address, called for a “Data Dividend” (what some are calling a “digital dividend”) from big tech. It’s notyetclear what form this dividend will take. We agree with Governor Newsom...

EFF joined a letter to Secretary of State Mike Pompeo opposing a proposal to deploy stronger vetting procedures against Chinese students intending to study in the United States because the procedures would threaten the free speech interests of both Chinese students and their American associates. Reuters...

The way we design user interfaces can have a profound impact on the privacy of a user’s data. It should be easy for users to make choices that protect their data privacy. But all too often, big tech companies instead design their products to manipulate users into surrendering their data...

France’s data protection authority is first out the gate with a big decision regarding a high-profile tech company, and every other enforcer in Europe is taking notes. On January 21, France’s CNIL fined Google 50 million Euros for breaches of the General Data Protection Regulation (GDPR)...

Imagine this: an enormous tech company is tracking what you do on your phone, even when you’re not using any of its services, down to the specific images that you see. It’s also tracking all of your network traffic, because you’re installing one of its specially-designed routers. And even though...

Since even before he took office, President Trump has called for a physical wall along the southern border of the United States. Manydifferentorganizations have argued this isn’t a great idea. In response, some Congressional Democrats have suggested turning to surveillance...